EBSI and walt.id

Written By Dominik Beron

Open source decentralized identity and wallet infrastructure for developers and businesses on EBSI.

TLDR

In collaboration with the European Blockchain Service Infrastructure (EBSI), we built a decentralized identity and wallet infrastructure for the EBSI ecosystem. As a result, developers now have holistic identity tools that enable four capabilities around Self-Sovereign Identity (SSI):

  1. Create and issue Verifiable Credentials (to digitize identity information)

  2. Manage and share Verifiable Credentials (to prove identity attributes via a app/wallet)

  3. Verify Verifiable Credentials (for auth, identity verification, …)

  4. Use Verifiable Credentials with traditional identity/CIAM infrastructure

These capabilities can be used to build a great variety of use cases such as in the public sector (passports, visas, proof of residence), education (diplomas, student IDs), employment (badges, organizational affiliation), banking (KYC, loans) and beyond.

Let’s dive in!

Why did we partner with EBSI?

Decentralized identity relies on so-called "identity ecosystems" to create trust between people and organizations, typically through "Trust Registries" , which act like a single source of truth for information that is required to reliably verify identity data. Distributed Ledger Technologies (DLT) or blockchains are often the preferred technology for implementing Trust Registries due to their decentralization, transparency and immutability, which allow for easy auditing and prevent manipulation by intermediaries.

EBSI is particularly interesting as it is the first public sector blockchain services in Europe. Moreover, EBSI aims to leverage the power of blockchain to accelerate the creation of cross-border services for public administrations and their ecosystems. Those cross-border use cases inside the EU makes the ecosystem and our project particularly relevant.

You can read more about identity ecosystems, Trust Registries and the role of blockchain for decentralized identity here and here.

What our collaboration is about: Building Decentralized Identity infrastructure for EBSI

In collaboration with EBSI we set out to make decentralized identity easier accessible for builders in the EBSI ecosystem by providing powerful open source libraries for developers and businesses.

Today, there are different decentralized identity technologies like

  • Self-Sovereign Identity (SSI) which has been specifically designed for identity use cases, and is, therefore, suitable for sharing data-rich identity credentials privately and off-chain. SSI can be implemented with or without blockchains. If blockchains are used, their main purpose is typically to establish Trust Registries which are required for data verification.

  • Non-Fungible and Soulbound Tokens (NFTs, SBTs) which have initially been designed for the tokenization of assets, not for identity use cases. As a result, this approach is suitable for data that is not protected by regulations (like public data, organizational data) or for use cases that require only minimal or anonymized data proofs (aligned with privacy considerations) or for use cases in which access to a service is not necessarily linked to one’s identity (like tickets). While certain data associated with NFTs/SBTs can be stored off-chain, this approach can only be implemented with blockchains.

  • Mobile drivers license (MDL): This approach is the most traditional one and has been developed without considering blockchains as a native component.

Considering EBSI’s work with public authorities, its experience with SSI and its focus on enabling rich identity use cases across industries, we decided that SSI must definitely be supported.

Why Decentralized Identity based on Self-Sovereign Identity ?

The internet lacks a native identity layer. As a result, digital identity has been built on top of centralized databases that created a digital world in which user data is siloed, fragmented and disconnected. However, the world is changing and identity data is moving from apps (traditional model) to users (wallet-centric model) based on technologies like Self-Sovereign Identity (SSI) which ensure that data is user-controlled, easy to share, reliably verifiable and always up to date. This shift - from closed data silos to open data ecosystems - is unfolding as follows:

Firstly, for identity information to become useful across different systems and domains it must be digitized and made “reusable”. In other words, organizations need the ability to transform existing identity information into digital Verifiable Credentials (VCs), which can be issued to and easily shared with their customers, users and other stakeholders.

Let’s call this the “VC supply side”. 

Secondly (as the “VC supply side” is ramping up), there is a growing need for organizations to be able to request, process and verify VCs of their stakeholders in order to authenticate and identify them such as in the context of access management.

Let’s call this the “VC demand side” (together with the next point).

Thirdly, we see more and more organizations (e.g. in the public sector, banking, health care, education as well as providers of payment or web3 wallets)  incorporating VCs into their applications so that their users can easily manage and share their identity information via the applications they already use. 

The open source developer tools built by walt.id and EBSI enable you to do all of these things and more!

Holistic open source developer tooling for decentralized identity

Our open source tools provide everything developers and organizations need to use Self-Sovereign Identity on EBSI aligned with industry standards standards: 

For Issuers

As outlined, Identity information must be transformed into Verifiable Credentials to be reusable and verifiable across systems. Developers can now do just that while all complexities are abstracted including, for example, the registration and management of W3C Decentralized Identifiers (did:ebsi), the utilization of Trust Registries on EBSI as well as the import of data from local or other sources and its transformation into signed W3C Verifiable Credentials (JSON-L or, JWT), which can then be shared via standardized protocols like OpenID Connect (OIDC4VCI). 

For Holders (“Identity Wallet”)

Apart from the issuance of Verifiable Credentials, our tools enable developers to build identity wallets. Anyone can now either build brand new identity wallets or extend existing applications with abilities like registering and managing Decentralized identifiers or requesting, storing, managing and sharing Verifiable Credentials with third parties (“Verifiers”) in order to authenticate or prove their identity. 

For Verifiers

Finally, our open source tools make it easy to verify Verifiable Credentials and by extension any identity information of people and organizations. Based on these capabilities developers can build user onboarding, authentication, identification and check-out flows into their applications in order to manage their stakeholders’ access to different products, services or communities based on Verifiable Credentials. Importantly, any type of identity attribute (e.g. core identity, education and employment records, financial and health data, …) can be verified and access rights can simply be configured with customizable verification policies (based REGO and the Open Policy Agent).

Backwards Compatibility (“Identity Provider”)

Finally, given that more and more traditional businesses are using Verifiable Credentials, we also built an “identity provider” (leveraging OpenID Connect) that integrates with traditional identity and access management tools (e.g. KeyCloak). As a result, developers and businesses benefit from backwards compatibility as they can now easily implement SSI and Verifiable Credentials with these traditional access management tools.

How to get started 

Depending on your preferences, start hands on with a demo or dive into the functionalities and the overall architecture.

Events

  • Building on EBSI - Learn how to build identity solutions on EBSI no matter the role - Issuer, Verifier or Holder

Deep dive 

  • Docs - Learn more about our integration of EBSI

About walt.id

walt.id offers open source decentralized identity and wallet infrastructure for developers and businesses.

The company’s products are used by thousands of developers, governments, public authorities, enterprises, and decentralized autonomous organizations to build applications and use cases across industries.

For more information, visit walt.id or join them on Discord.

Dominik Beron
Previous

Velocity and walt.id
Next

cheqd and walt.id